Today, there remains an unsettling lack of understanding about just how safe utilities are from cyberattack. Even NIPC Director Dick seems to have no idea as to the overall state of networked infrastructure. Asked if he knows which utilities are vulnerable, Dick says, "I don’t know that anyone knows."

WHY CYBERTERRORISM IS NOT WORTH THE WORRY

This much is known: Some critical computers are vulnerable. In 1997 a hacker shut down control tower services at the Worcester, Mass., airport. The incident didn’t cause any accidents, though service was affected. Three years later, a General Accounting Office report suggested the Federal Aviation Administration computers were vulnerable. And in Maroochy Shire, Australia, in April 2000, a disgruntled consultant-turned-hacker compromised a waste management control system and loosed millions of gallons of raw sewage on the town.

The hacker had deep knowledge of the system, and he had stolen sewage-control software on his laptop. He spent two months getting into the system from the outside.

The good news?besides the lack of human casualties (marine life died)?is it took this former insider 46 tries to unleash the waste; the bad news is that those managing this critical infrastructure missed his first 45 attempts.

It wasn’t cyberterrorism. But even so, many view the cyberterrorist threat to computer infrastructure as largely implausible.

Why? For one, experts say terrorism is like lightning. It takes the path of least resistance to its end. And, right now, it’s easier to blow something up than to figure out how to damage it by hacking into and manipulating a computer system.

Take the MWRA. After Sept. 11, Kempe’s first order was not to lock down computers; it was to erect Jersey barriers, weld manhole covers and call in the National Guard. Terrorists want to make an immediate impact, and cyberterrorism is largely quiet.

"Terrorists need to make a big splash, to draw headlines," says Mike Hager, vice president of security at Oppenheimer Funds in Engelwood, Colo., who was at the World Trade Center Sept. 11 and escaped after both planes hit. "The type of cyberterrorist attack pulled off would have to be huge." According to Hagar, the fact that a hacker turned some lights out wouldn’t convey any terrifying message. "The terrorists [on Sept. 11] could have hacked into the power system of the World Trade Center." They didn’t, because that wouldn’t have made a statement.

Security expert Rob Rosenberger feels much of the rhetoric about cyberterrorism is political posturing to gain funding. "The information-war people say this cyberterrorist threat is out there, but they never provide any plausible scenarios," says Rosenberger, director of Vmyths.com, an independent website that squelches virus myths and general computer security hysteria. "I’m asking for reality, and I’m not getting it."